I am trying to resolve an issue with a LEM rule. I work in a group which admins three different servers that generate Ping Sweeps. We expect this traffic. So, I created a rule to send an email when any other server besides the three servers generates a PING sweep. While the rule triggers when any other server starts a Ping Sweep, the rule also triggers when any one of the three servers I do not want notification on starts a Ping Sweep.

There is no need for 2 groups. Collapse the 6 conditions into a single group. Toggle the outermost logic operator to an AND (the orange vertical line with the half circle should change to a blue line(?) with a triangle).

Thank you for the reply. I made the changes you described. However, I am still getting events from the servers in which I have placed a NOT (≠) in the logic. Following are screenshots of the Conditions and the Filter.

A couple of issues. There is a Group inside a Group. It is effectively a single group. The innermost group is joined by an OR logic. It should be AND. The outermost group logic is AND. Since there is only 1 group member (the inner group), the AND or OR really doesn't matter.

Your rule should look like below.

Also, for future reference, the correlations section of the rule definition can be equally validated using your filters. You can create a new filter in the MONITOR screen and mimic the Correlations part of the Rule definition in the Conditions part of the Filter editor, and save the filter. Then choose the 'send to nDepth' menu option, and search over a custom time frame to validate your search criteria.
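
Why the OR-joined ≠ conditions discussed in this thread match every source, shown as an added Python illustration that is not from any poster or from LEM itself. The `source` field, the host names and the use of three conditions (one per approved server) are assumptions made for the sketch.

```python
# Added illustration: models LEM-style condition groups as a small tree.
# Field name "source" and all host names are constructed, not LEM identifiers.
import operator

OPS = {"=": operator.eq, "!=": operator.ne}


def evaluate(node, event):
    """Evaluate ('AND'|'OR', [children]) groups or (field, op, value) leaves."""
    if node[0] in ("AND", "OR"):
        results = (evaluate(child, event) for child in node[1])
        return all(results) if node[0] == "AND" else any(results)
    field, op, value = node
    return OPS[op](event.get(field), value)


APPROVED = ["scanner-a", "scanner-b", "scanner-c"]  # constructed names
exclusions = [("source", "!=", host) for host in APPROVED]

# Rule as described in the second reply: outer AND wrapping an inner OR group.
# A source can equal at most one approved name, so at least two of the
# "!=" tests are always true and the OR group matches every event.
rule_or = ("AND", [("OR", exclusions)])

# Rule as recommended: a single group with every "!=" joined by AND,
# which is true only when the source is none of the approved servers.
rule_and = ("AND", exclusions)

# Constructed ping sweep events: three approved scanners and one other host.
EVENTS = [{"source": h} for h in APPROVED + ["workstation-17"]]


def alerting_sources(rule, events):
    """Return the sources whose events would fire the rule."""
    return [e["source"] for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    print("OR-joined :", alerting_sources(rule_or, EVENTS))
    print("AND-joined:", alerting_sources(rule_and, EVENTS))
```
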
